harmacist/tinyib
1
0
Fork 0
forked from GithubBackups/tinyib
Code Pull Requests Activity

Fix TINYIB_MANAGEKEY issue

Browse Source 
Resolves #194.
This commit is contained in:
Trevor Slocum 2021-03-28 11:06:43 -07:00
parent f6f6502b58
commit 421503ee01
2 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
imgboard.php
View File

@ -228,7 +228,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
fancyDie(__('Posting is currently disabled.<br>Please try again in a few moments.')); fancyDie(__('Posting is currently disabled.<br>Please try again in a few moments.'));
} }
list($loggedin, $isadmin) = manageCheckLogIn(); list($loggedin, $isadmin) = manageCheckLogIn(false);
$rawpost = isRawPost(); $rawpost = isRawPost();
$rawposttext = ''; $rawposttext = '';
if (!$loggedin) { if (!$loggedin) {
@ -554,7 +554,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
$post = postByID($_POST['delete']); $post = postByID($_POST['delete']);
if ($post) { if ($post) {
list($loggedin, $isadmin) = manageCheckLogIn(); list($loggedin, $isadmin) = manageCheckLogIn(false);
if ($loggedin && $_POST['password'] == '') { if ($loggedin && $_POST['password'] == '') {
// Redirect to post moderation page // Redirect to post moderation page
@ -592,7 +592,7 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
die('--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="0;url=imgboard.php">'); die('--&gt; --&gt; --&gt;<meta http-equiv="refresh" content="0;url=imgboard.php">');
} }
list($loggedin, $isadmin) = manageCheckLogIn(); list($loggedin, $isadmin) = manageCheckLogIn(true);
if ($loggedin) { if ($loggedin) {
if ($isadmin) { if ($isadmin) {

19
inc/functions.php
View File

@ -335,7 +335,10 @@ function checkMessageSize() {
} }
} }
function manageCheckLogIn() { function manageCheckLogIn($requireKey) {
$loggedin = false;
$isadmin = false;
$key = (isset($_GET['manage']) && $_GET['manage'] != '') ? hashData($_GET['manage']) : ''; $key = (isset($_GET['manage']) && $_GET['manage'] != '') ? hashData($_GET['manage']) : '';
if ($key == '' && isset($_SESSION['tinyib_key'])) { if ($key == '' && isset($_SESSION['tinyib_key'])) {
$key = $_SESSION['tinyib_key']; $key = $_SESSION['tinyib_key'];
@ -344,11 +347,13 @@ function manageCheckLogIn() {
$_SESSION['tinyib'] = ''; $_SESSION['tinyib'] = '';
$_SESSION['tinyib_key'] = ''; $_SESSION['tinyib_key'] = '';
session_destroy(); session_destroy();
fancyDie(__('Invalid key.'));
if ($requireKey) {
fancyDie(__('Invalid key.'));
}
return array($loggedin, $isadmin);
} }
$loggedin = false;
$isadmin = false;
if (isset($_POST['managepassword'])) { if (isset($_POST['managepassword'])) {
checkCAPTCHA(TINYIB_MANAGECAPTCHA); checkCAPTCHA(TINYIB_MANAGECAPTCHA);
@ -391,10 +396,8 @@ function setParent() {
function isRawPost() { function isRawPost() {
if (isset($_POST['rawpost'])) { if (isset($_POST['rawpost'])) {
list($loggedin, $isadmin) = manageCheckLogIn(); list($loggedin, $isadmin) = manageCheckLogIn(false);
if ($loggedin) { return $loggedin;
return true;
}
} }
return false; return false;